Towards a Taxonomy of Information Assurance

   A Work in Progress

by Abe Usher

Information assurance is defined as "information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

I am presently working on creating a taxonomy of information assurance, based on the three aspects of:

  1. Security services
  2. Information states
  3. Security countermeasures

These three aspects of Information Assurance (IA) were highlighted by John McCumber [1] as well as a team of West Point researchers [2] as a component of works that define an integrated approach to security.

Within the next 6 months, I would like to create a taxonomy that graphically depicts the relationships of these three aspects.

My intent is that this taxonomy could be used by the academic community, industry, and government in improving the precision of communication used in discussing information assurance/security topics.

I have searched the Internet widely for a taxonomy of IA, but I have not found anything that is sufficiently detailed for application with real world problems.

I am posting my initial results here in hopes that an open collaboration process (much like the open source software movement) will yield a useful tool for the security community to use in addressing information assurance issues.

Information Assurance high level taxonomy


Information Assurance security services

Information Assurance security countermeasures

Schedule Notes

I will post the result of revisions, additions, and deletions on a monthly basis. After each update I will also maintain a copy of the previous editions.


You are encouraged to freely distribute any of the works on this page, as long as you reference me and any other associated resources (e.g. the West Point Information Assurance Model).

Contact information

Abe Usher


[1] McCumber, John. "Information Systems Security: A Comprehensive Model". Proceedings 14th National Computer Security Conference. National Institute of Standards and Technology. Baltimore, MD. October 1991.

[2] Maconachy, Victor, Corey Schou, Daniel Ragsdale, and Don Welch. "A Model for Information Assurance: An Integrated Approach". Proceedings of the 2001 IEEE Workshop on Information Assurance and Security. U.S. Military Academy. West Point, NY. June 2001.

Related Resources

Bishop, Matt and David Bailey. "A Critical Analysis of Vulnerability Taxonomies". Technical Report CSE-96-11, Department of Computer Science at the University of California at Davis, September 1996.

Bishop, Matt. "A Taxonomy of UNIX System and Network Vulnerabilities". Technical Report CSE-9510, Department of Computer Science, University of California at Davis, May 1995.

Shirley, R. "Internet Security Glossary". Network Working Group, The Internet Society. May 2000.

Wheeler, Lynn. "Security Taxonomy and Glossary". Updated 2003.